Chrome to guard against malicious downloads

Warnings against downloading malware are set to be included in future versions …

Google already warns users of its search engine if the page they're about to click on is likely to be malware. The company also has an API, the Safe Browsing API, to allow Web browsers to check if a URL is bad or not. This API is already used by Chrome, Firefox, and Safari.

Google has just announced that it's going to take this protection even further in its Chrome browser and apply it to executable downloads. Click a link that downloads a program Google's Safe Browsing API regards as hostile, and you'll see a warning, along with an option to cancel the download.

Initially, malicious Windows programs will be the target. Such programs are unfortunately commonplace and generally depend on social engineering tricks—rather than outright security flaws—to lure users into installing them, with fake video codecs and bogus anti-virus software both being popular approaches.

A similar security system, designed for a similar purpose, was included in Internet Explorer 9. In that system, each download has a reputation attached to it, which is determined by the number of other people downloading a particular file. Try to download a file with a bad reputation and the browser will warn you that there's a chance it's malicious. This builds on top of the SmartScreen URL verification found in Internet Explorer 8 that offers equivalent functionality to the Safe Browsing API (though Microsoft claims that SmartScreen is far more effective).

The new Chrome feature will initially be available in the development version of the browser, and the company hopes to have it ready in time for the next stable release.
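To make the mechanism described above concrete, here is an added example (not Chrome's or Google's code) of the client side of a Safe Browsing-style check applied to a download link. It follows the published Safe Browsing design: canonicalize the URL, expand it into host-suffix and path-prefix expressions, SHA-256 each expression, and compare the 4-byte hash prefix with a locally cached list; a prefix hit is only a candidate, and the client then confirms the full hash. The blocklist entries, the URLs, and the local tables that stand in for Google's synced prefix list and full-hash request are all constructed for the example.

```python
"""Client side of a Safe Browsing-style URL check for a download link.

Added illustration, not Chrome's or Google's code. Canonicalize the URL,
expand it into host-suffix / path-prefix expressions, SHA-256 each one,
and compare the 4-byte prefix with a locally cached list. A prefix hit is
only a candidate; the client then confirms the full hash (here against a
constructed table standing in for the full-hash round trip to Google).
All blocklist entries below are constructed sample data.
"""
from __future__ import annotations

import hashlib
import posixpath
from urllib.parse import unquote, urlsplit

PREFIX_LEN = 4  # Safe Browsing lists ship 4-byte SHA-256 prefixes


def canonicalize(url: str) -> tuple[str, str]:
    """Apply a subset of the Safe Browsing canonicalization rules.

    Returns (host, path_with_query). Fragment, port and userinfo are dropped,
    the host is lowercased and its dots tidied, percent-encoding is decoded
    repeatedly, and '.'/'..' segments and duplicate slashes are resolved so
    that "/dir/../codec.exe" cannot be used to dodge a list entry.
    """
    parts = urlsplit(url.strip())
    host = parts.hostname or ""  # already lowercased, port removed
    while (decoded := unquote(host)) != host:
        host = decoded
    host = host.strip(".")
    while ".." in host:
        host = host.replace("..", ".")

    path = parts.path or "/"
    while (decoded := unquote(path)) != path:
        path = decoded
    while "//" in path:
        path = path.replace("//", "/")
    had_trailing_slash = path.endswith("/")
    path = posixpath.normpath(path)  # resolves "/./" and "/../", drops trailing "/"
    if not path.startswith("/"):
        path = "/" + path
    if had_trailing_slash and not path.endswith("/"):
        path += "/"
    if parts.query:
        path += "?" + parts.query
    return host, path


def host_suffixes(host: str) -> list[str]:
    """Exact host plus up to four parent domains built from the last five
    labels (never the bare TLD). IP-address hosts get only the exact host."""
    if host.replace(".", "").isdigit():
        return [host]
    labels = host.split(".")
    suffixes = [host]
    for i in range(max(1, len(labels) - 5), len(labels) - 1):
        suffixes.append(".".join(labels[i:]))
    return list(dict.fromkeys(suffixes))


def path_prefixes(path: str) -> list[str]:
    """Exact path with query, exact path without query, and up to four
    prefixes built from the root by appending one directory at a time."""
    bare = path.split("?", 1)[0]
    directories = bare.split("/")[1:-1]  # no leading "" and no leaf component
    root_based = ["/"] + ["/" + "/".join(directories[: i + 1]) + "/"
                         for i in range(len(directories))]
    return list(dict.fromkeys([path, bare] + root_based[:4]))


def expressions(url: str) -> list[str]:
    host, path = canonicalize(url)
    return [h + p for h in host_suffixes(host) for p in path_prefixes(path)]


def sha256(expr: str) -> bytes:
    return hashlib.sha256(expr.encode("utf-8")).digest()


# Constructed sample blocklist (NOT real Safe Browsing data). In practice the
# prefix set is synced from Google and full hashes are fetched on demand.
SAMPLE_BAD_EXPRESSIONS = [
    "malware.example.net/downloads/",  # a whole directory of fake codecs
    "bad.example.org/codec.exe",       # one specific file
]
LOCAL_PREFIXES = {sha256(e)[:PREFIX_LEN] for e in SAMPLE_BAD_EXPRESSIONS}
FULL_HASHES = {sha256(e) for e in SAMPLE_BAD_EXPRESSIONS}


def check_download(url: str) -> tuple[str, str | None]:
    """Return ("warn", matched_expression) or ("allow", None)."""
    candidates = [e for e in expressions(url)
                  if sha256(e)[:PREFIX_LEN] in LOCAL_PREFIXES]
    for expr in candidates:
        if sha256(expr) in FULL_HASHES:  # stands in for the full-hash round trip
            return "warn", expr
    return "allow", None  # no prefix hit, or a collision the full hash rejected


if __name__ == "__main__":
    for u in ["http://www.MALWARE.example.net/downloads/codec-setup.exe?id=7",
              "http://bad.example.org/dir/../codec.exe",
              "https://example.com/installer.exe"]:
        print(u, "->", check_download(u))
```

The two-stage match is the point of the design: the browser only ever sends 4-byte prefixes to Google, so a prefix hit alone is never enough to raise the warning, and the exact URL stays on the client. The canonicalization step is what stops trivial evasions such as mixed-case hosts, percent-encoded paths, or `/../` segments from slipping past a list entry.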

16 Reader Comments

How does SmartScreen determine the number of people downloading a given file? Does IE send a record of everything it downloads to Redmond? If so, I much prefer Google's approach, although I'll probably stick with Iceweasel for the foreseeable future.

It only collects that information if you've enabled the Customer Experience feedback program...unlike Chrome, where simply installing Chrome automatically opts you into providing Google information about what you do. (How do you think instant search works?)

This type of warning relies on statistics collected by Google, and it is not as accurate as I would like it to be, based on the dangerous-website warning function in Firefox, which uses Google's database. It's half useful and half hassle.

After all, there are many items on the internet that only certain people would like; the majority think them useless or objectionable, and that can't be a standard for sending out mass warnings.

I'm sure that this is another required step in the endless war between thieves and guards, but I also think that it will bring more complexity rather than simplifying life for end users, because when a security message appears, 9/10 of the time it is not comprehensible to an average user.

I run Debian, so I'd be using Chromium, which doesn't collect usage statistics.

You probably mean search suggest, but you'd still be wrong. All the browsers do this now (that's how search suggestions work), which is why Mozilla decided to stick with the separate location and search boxes, so typed URLs wouldn't be sent anywhere. Microsoft decided to merge the two for IE9.

Looking at the message, it looks simple enough: "This file appears to be malicious. Are you sure you want to continue?" I'm constantly amazed at how many people just download things without knowing exactly what they are.

Of course, when I find out that people are doing that, they're usually doing all kinds of other stupid things, so I suggest that they use Chrome for added security. So the people already using Chrome may not need this feature, and the ones who need it aren't using Chrome. Oh well.

This sounds similar to the reputation-based antivirus already built into security products. The Norton and McAfee products do this already by matching executable hashes against a server that returns the reputation for all executables. The product watches for new executables being downloaded and launched, and submits the URLs to a server. The server returns a reputation number based on how many people download the executable, whether the AV product made a heuristic detection after the executable launched, etc.